Subject: [netatalk-admins] RE: Unexpectedly disconnected?
From: Neil McAllister (nmcallister@primo.com)
Date: Sat Oct 24 1998 - 22:07:38 EDT

Hm, other people don't seem to be experiencing my disconnect troubles, so
let me elaborate further.
1. I've been running netatalk-asun2.1.0pre13a, though I just updated to
full 2.1.0. I don't know if the problem persists with this version, but I
suppose it does, since I've always had the problem as far back as
1.4b2+asun2.0a18.
2. My afpd.conf file looks like this:
" - Central Files -" -savepassword -setpassword -rand2num -address xxx.xxx.xxx.xx5 -defaultvol /etc/AppleVolumes.Central -guest -notcp
" - Production World -" -savepassword -setpassword -rand2num -defaultvol /etc/AppleVolumes.Production -guest -address xxx.xxx.xxx.xx6 -notcp
" - Admin Server -@PAI-Admin Zone" -savepassword -setpassword -rand2num -defaultvol /etc/AppleVolumes.Admin -guest -address xxx.xxx.xxx.xx7 -notcp
"Netserver" -noddp -setpassword -rand2num -defaultvol /etc/AppleVolumes.Netserver -address xxx.xxx.xxx.xx8
Basically, what I'm doing here is starting up four AFP servers; two in one
zone, one in another, and a fourth to handle ASIP connections. The long
and short of this is that I want people to be able to connect to the server
as Guest, if they want to, but not when they're using TCP/IP (for security
reasons). So the fourth server is the only one that handles TCP/IP
connections, and it has the -noguest and -noddp options on. (I have IP
addresses in the other servers from earlier configurations; so far as I
know, though, they do nothing, as they have the -notcp option.)
THE PROBLEM:
When I connect to the server via AppleTalk (i.e. I select the volumes I
want using one of the servers that has the -notcp option turned on) and
then run a Retrospect backup on them, everything seems to work fine.
When I instead punch in the address of the fourth server (the one that
accepts TCP/IP connections but has -noddp on) I can run the backup for a
while, but invariably before the end of the backup the server will drop
out, and I will get the message on my screen "Server 'Netserver' has
unexpectedly shut down."
MORE INFO:
My network card is a 3c905 (if I remember right) 10/100 MBit card. The
machine is attached to a port on a 10/100 switching hub, so it's running at
100 MBit, though nobody is connecting to it faster than 10 MBit as no
client machines are running on 100 Base.
I've experimented with the -ALLMULTI flag on the various interfaces on the
machine to see if that improves the stability of the TCP/IP connection, but
it does not.
If you're wondering about all the addresses in the afpd.conf file, you may
not have already guessed that it's a Linux machine using IP aliasing, that
pretends it has 4 different IP addresses. Yep, the only AFP server that
handles TCP/IP connections is on an aliased IP address. I wonder if that's
significant? I suppose I can change it.
Since the "Netserver" server has -noddp turned on, I can't connect to it
using ASIP "the easy way" using the Chooser; instead I have to enter its IP
address manually. Not a problem for me; but I wonder if the connection is
treated differently for some reason, if there's no DDP entity?
ONE LAST NOTE:
I would love it if there was an option that would disable Guest access
only for TCP/IP connections, as this seems like a much bigger security risk
than accepting Guest access over AppleTalk (you're opening up your server
to the whole dang Internet, after all!)
--
Neil McAllister, Systems Administrator
Primo Angeli Inc., San Francisco, CA, USA
http://www.primo.com
mailto:nmcallister@primo.com
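
Added example (not part of the original message, and not netatalk project code): a small Python check for the concern in the closing note, Guest access being reachable over TCP/IP. It parses the four server lines as posted and reads -guest/-noguest, -tcp/-notcp and -ddp/-noddp as toggle pairs. Assumptions of this example: a later option overrides an earlier one, and a TCP-capable server with no explicit -noguest is reported as a warning rather than resolved against the build's default.

```python
import shlex

# The four server lines from the message, one per line (addresses masked as in the original).
AFPD_CONF = """\
" - Central Files -" -savepassword -setpassword -rand2num -address xxx.xxx.xxx.xx5 -defaultvol /etc/AppleVolumes.Central -guest -notcp
" - Production World -" -savepassword -setpassword -rand2num -defaultvol /etc/AppleVolumes.Production -guest -address xxx.xxx.xxx.xx6 -notcp
" - Admin Server -@PAI-Admin Zone" -savepassword -setpassword -rand2num -defaultvol /etc/AppleVolumes.Admin -guest -address xxx.xxx.xxx.xx7 -notcp
"Netserver" -noddp -setpassword -rand2num -defaultvol /etc/AppleVolumes.Netserver -address xxx.xxx.xxx.xx8
"""

TAKES_VALUE = {"-address", "-defaultvol"}  # options on the page that carry an argument
TOGGLES = {"guest", "tcp", "ddp"}          # -X / -noX pairs this check cares about


def parse_server(line):
    """Return (server name, {toggle: True/False}) for one afpd.conf line."""
    tokens = shlex.split(line)
    name, state, i = tokens[0].strip(), {}, 1
    while i < len(tokens):
        opt = tokens[i]
        i += 2 if opt in TAKES_VALUE else 1  # skip the option's argument too
        flag = opt.lstrip("-")
        if flag in TOGGLES:
            state[flag] = True
        elif flag.startswith("no") and flag[2:] in TOGGLES:
            state[flag[2:]] = False  # assumption: a later option overrides an earlier one
    return name, state


def audit(conf):
    """Classify each server: 'fail' = guest + TCP, 'warn' = TCP without explicit -noguest."""
    results = []
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, state = parse_server(line)
        if state.get("tcp") is False:
            status = "ok"    # AppleTalk only, so guest is not exposed over IP
        elif state.get("guest") is True:
            status = "fail"  # guest logins reachable over TCP/IP
        elif state.get("guest") is None:
            status = "warn"  # relies on the build's default for guest access
        else:
            status = "ok"
        results.append((name, status))
    return results


if __name__ == "__main__":
    for name, status in audit(AFPD_CONF):
        print(f"{status:4}  {name}")
```

On the lines as posted, the three -notcp servers report ok and Netserver reports warn, since its line carries neither -guest nor -noguest.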